Please note my zone may be different; just remember the one you have.
If that does not work, then you may need to adjust these to accept as well:
Also make sure to look into the DHCP options in LuCI; there are some options which may also prevent you from connecting, like rebind protection or other options.
You can also completely shut down the firewall:
under System -> Startup, but often I recommend to first try without zone.
I tried to delete the zones and shut down the firewall.
Both actions resulted in loss of internet access. Turning on the firewall immediately restored internet.
The firewall rules are not only there to block network traffic; they steer all network traffic. So shutting down the firewall will shut down all interconnection between the different nets. This may work if every device is in one subnet, so no routing is needed.
If I understand your issue, the robot is on LAN and should be reachable on all ports from WAN. In that case I would try to put the robot in DMZ: Port Forwarding - GL.iNet Router Docs 4 ... This is a 'special port forwarding', in which all traffic to the router on WAN goes to the configured device in LAN.
This still could lead to non-routed traffic, because it is still NAT.
If this doesn't work, could you provide a table or picture with the involved IPs and connections? Plus which exactly is not routed/working?
I agree with what @LupusE says here: stopping the firewall might be too much, also for the internal scripts by gl-inet, but you can also set everything on wan to accept; that should be enough to still allow wan routing.
Too bad there seem to be no simple "allow all traffic" option.
I attached a figure showing the network setup. I can communicate between machines connected directly to the company router, as well as between machines connected to the GL-MT3000 router. The problem is communication between these two groups.
If the GL-MT3000 router did not block the ROS 2 communication traffic, then the router should be able to properly route traffic to each machine in the GL-MT3000 network, no?
About DMZ. If I had only one machine in the GL-MT3000 network I suppose this might be a potential solution. In the case of multiple machines, the assigned DMZ machine would not automatically route communication to the other machines, right?
But this is how Networks work. This won't change because you don't like this.
Yes, you are right, the DMZ works only for one target.
But in your picture I don't see which is 'the server'. There should be one server and one client. If the server is in 192.20.137.0/24, the clients in 192.168.8.0/24 should reach it. But the 'server' in 192.20.137.0/24 can't 'publish itself' in the 192.168.8.0/24 network. The clients need to know how to contact ...
This is all valid for 'Network - Network Mode': Router.
You can change the setting to 'Extender'. I haven't used this, but in general it should disable the local DHCP, and transparently add all devices connected to LAN and/or WLAN to the WAN network, without routing/NAT.
If you disable the firewall, you also disable routing. So the router is useless.
The firewall also contains the forwarding rules from WAN to LAN.
The WAN side has one IP. You need the firewall rule for routing to answer requests from LAN to WAN and route them back.
If you delete every reject and drop rule 'to disable the firewall' as you requested, all packets will be received by the router's WAN port. And now? What should it do?
Maybe you don't want a router, you just want a switch.
Solution: With GL.iNet devices you could put every device to the (W)LAN side. Ignore the WAN port... No firewall at all.
Ask your ISP for an IP block, use a router that is able to handle IP blocks, and you can use your IP cam without port forwarding.
This is so far from what we are doing here.
You are a small private consumer. In our world you could be lucky if you even get a public IP and not something like CGNAT...
If you use NAT, to have internet to more than one endpoint behind one ISP line, you need port forwarding.
I don't know what we are discussing here. I think I tried to explain how it works. I don't get what is the issue with using a system (network) how it is designed.
Who told you port forwarding is bad? What do you want to achieve?
Thanks for the picture. Now I can see it. I don't like GUI browsing on the road.
We are talking about internal LAN. The issue is the same, only there is no ISP involved.
At first: Why do you split 192.178.178.1 and 189.168.8.1?
You could simply set your router as extender. It will get a 192.168.178.0/24 address via DHCP from the main router, and all devices as well. No translation, no firewall.
Read Network Mode - GL.iNet Router Docs 4 ... I think the mode 'extender' should be named 'bridge', too. But I understand how GL.iNet tries to make a difference from LAN-bridging to WLAN extender in the UI.
You could, on your main router, set a static route for 192.168.8.0/24 via 192.168.178.nnn (WAN IP of the MT3000). If you try to reach 192.168.8.100 (for example as IP of the webcam), the PC asks the gateway 192.168.178.1, which will look up its static routing table 192.168.8.0/24 -> and sends the request to 192.168.8.1, which sends it to the destination.
I am not sure if the MT3000 needs further settings to accept requests from WAN ...
For your picture: It seems 'Gateway' is the wrong wording, if you want to describe the IP for the MT3000.
I don't own an MT3000. And I am not at home to build a lab to test with similar devices. But your issue is the forwarding, not the firewall. So this whole topic is the wrong thread.
With the given keywords and a little forum search, I would trust Static route on Marble GL-B3000 (Beta Tester) - #2 by dxf and try in LuCI to set the 'Firewall (how ironic) - Zone Settings' on Name 'wan' at option 'Forward' to 'accept' ... And following hints in this post.
I am at home on Monday, but don't expect to have time for another lab to test the OpenWrt settings myself.
Buy a webcam that supports 802.11r, to choose the best AP in range without disconnecting.
Or set the BSSID (MAC) instead of the SSID, if it is supported in the webcam ... I think this is really an issue of the webcam, not of the network.
Yes, it is just my case.
I applied the same configuration, but it does not work: cannot ping the webcam.
I will try to reset the router and start from a clean configuration.
Thanks for help, marco
No ping could have many reasons. Ping is the ICMP protocol, it is a good troubleshooting tool in fully controlled environments.
I'd recommend trying to reach the web frontend of the webcam. This is TCP. A little easier to use in our case.
Later we can take a look at the ICMP handling.
In my GL-iNet pouch bag (greetings to @JoyceNI), I still have my Slate AX and the place where I am uses a Fritz!Box... Maybe I can test tomorrow.
Now I need to make ready for a party. Don't support and drink!
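
The static-route suggestion made earlier in this thread (main router sends 192.168.8.0/24 via the MT3000's WAN address, then the MT3000 has to let the packet through from WAN to LAN), as an added example that is not part of any post. The MT3000 WAN address `.50`, the webcam at `.100` and the `isp-uplink` label are constructed placeholders, and the MT3000 firewall is reduced to a single allow/deny flag, which is a simplification and not OpenWrt's actual rule set.

```python
import ipaddress

# Constructed sample values: the thread gives the MT3000 WAN address only as
# 192.168.178.nnn, so .50 is a placeholder; "isp-uplink" is a hypothetical label.
MT3000_WAN = "192.168.178.50"
ISP_NEXT_HOP = "isp-uplink"
MT3000_LAN = ipaddress.ip_network("192.168.8.0/24")

def lookup(table, dst):
    """Longest-prefix match: return the next hop of the most specific route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop) for net, hop in table
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def mt3000_forward(dst, wan_to_lan_allowed):
    """Simplified model (assumption): a packet arriving on WAN for a LAN host
    is passed on only when WAN-to-LAN forwarding is allowed."""
    return ipaddress.ip_address(dst) in MT3000_LAN and wan_to_lan_allowed

def trace(dst, main_table, wan_to_lan_allowed):
    """Follow a packet from a PC on 192.168.178.0/24 to dst; return the outcome."""
    hop = lookup(main_table, dst)
    if hop == "direct":
        return "delivered on main LAN"
    if hop != MT3000_WAN:
        return f"sent to {hop}, never reaches the MT3000"
    if mt3000_forward(dst, wan_to_lan_allowed):
        return "forwarded by MT3000 to LAN host"
    return "refused at MT3000 (WAN to LAN not allowed)"

# Main router's table before and after adding the static route.
MAIN_DEFAULT = [("192.168.178.0/24", "direct"), ("0.0.0.0/0", ISP_NEXT_HOP)]
MAIN_WITH_STATIC = MAIN_DEFAULT + [("192.168.8.0/24", MT3000_WAN)]

if __name__ == "__main__":
    cases = [(MAIN_DEFAULT, False), (MAIN_WITH_STATIC, False),
             (MAIN_WITH_STATIC, True)]
    for table, allowed in cases:
        print(trace("192.168.8.100", table, allowed))
```

The three cases show that both changes are needed: without the static route the packet follows the default route, and with the route alone it still stops at the MT3000.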